Blog & How To Guides | WhoisXML API

WhoisXML API Blog

What Are the Priorities for the U.S. Administration Cybersecurity Spending in 2026?

The White House has laid out a road map on how executive departments and agencies should plan to spend their cybersecurity dollars in the coming years. On 10 July 2024, the Office of Management and Budget (OMB) released a memorandum outlining the administration’s cybersecurity investment priorities. The memo intends to guide relevant government entities as they prepare their 2026 budget submissions to the OMB.

The U.S. government is taking a page out of its own National Cybersecurity Strategy (NCS) playbook, wrapping its investment priorities around five pillars to improve the country’s cybersecurity posture, namely:

Making Email Security Smarter with Domain Intelligence

More than 4 billion people checking their emails daily represents a goldmine for attackers. No wonder phishing remains one of the biggest threats today, pushing email security to the top of organizations' cyber priorities.

But here's the kicker: 90% of malicious emails can slip through email security standards such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), or Domain-based Message Authentication, Reporting, and Conformance (DMARC).

While many email security providers are out there, those offering a multilayered approach can offer more.

Name Server Concentration: Who Controls the Domain Name System?

Name servers (NSs) play a crucial role in how the Internet works, directing traffic to the correct destinations. Specifically, NS records tell recursive resolvers which authoritative NS is responsible for a specific domain name. The resolver then contacts that authoritative NS to obtain the domain's corresponding IP address.

While having a small number of entities control a large portion of the DNS can increase efficiency, it could also result in choke points, where a single disruption could significantly impact a large portion of Internet traffic.

Exploring IoCs and Their DNS Narratives

No matter how stealthy attackers try to be, they almost always leave a trail behind—digital breadcrumbs known as “indicators of compromise (IoCs)” after a cyber attack or an attempted intrusion.

Let's take the Black Basta ransomware attacks as an example. Cybersecurity authorities like the Cybersecurity and Infrastructure Security Agency (CISA) identified hundreds of IoCs associated with this ransomware-as-a-service (RaaS) variant. These IoCs include cyber resources like file hashes, domain names, and IP addresses, and serve as digital footprints pertaining to the attackers’ activities. They provide invaluable clues for cybersecurity professionals, helping them understand what happened and prevent similar attacks in the future.

Who Runs Email Communications? A Look at the Prevalence of MX Records

Email remains a vital part of modern communication, with 347.3 billion emails sent and received daily worldwide in 2023. For each email to reach its intended recipient, mail exchange (MX) records direct it to the correct mail server.

While individual email users can create their own mail servers, most people use email services from established email service providers (ESPs) to avoid the complexity of running their own servers. These services typically provide storage, security features, and user-friendly interfaces, all without burdening users with maintenance.

However, some experts are concerned about the concentration of power within a limited number of companies controlling MX records. They warn of potential vulnerabilities if email routing relies heavily on just a handful of providers.

Leveraging IP Data to Enable Extensive Asset Discovery and Contextualization

Mirroring Sun Tzu’s wisdom, “To know your enemy, you must become your enemy,” today’s cybersecurity landscape demands that security teams see their IT infrastructure through attackers’ eyes. This proactive approach is vital, particularly given the Data Breach Investigations Report (DBIR) finding that 65% of data breaches stem from external sources.

Adopting an attacker mindset enables security teams to identify and address attack vectors early and continuously manage their attack surfaces. This strategy entails asking questions like, “What assets can threat actors see and use as entry points?” and “How can compromising these assets impact other assets?”

External attack surface management (EASM) solutions, especially when supplemented with IP intelligence, can help answer these and other related questions.

Multilayered Fraud Detection with Cyber Intelligence

For centuries, fraudsters have devised cunning schemes to steal from unsuspecting victims. Though fraud methods have evolved, their impact remains devastating. In 2023 alone, victims worldwide lost more than US$1 trillion to fraud.

The latest INTERPOL assessment of financial fraud reveals that technology significantly enables cybercriminal groups to launch large-scale and sophisticated campaigns. This trend calls for a similar technology-empowered cybersecurity approach. Organizations need to respond in kind and utilize modern technology to detect and prevent fraud.

It’s Time to Upgrade: Is Your Security Solution Ready for PCI DSS v4.0?

For organizations handling cardholder data, security is a constant battle, with cybercriminals devising new tactics and exploits to steal sensitive information left and right. That is why the Payment Card Industry Data Security Standard (PCI DSS) has been crucial as the gold standard for safeguarding payment-related data. And just as threats evolve, so too must the standards protecting financial information.

Recognizing this need, the PCI Security Standards Council introduced PCI DSS v4.0, effectively retiring PCI DSS v3.2.1 on 31 March 2024. Let’s explore what this new version brings to the table and how it can help organizations better protect cardholder data.
